微服务（入门学习五）：identityServer4+ocelot+consul实现简单客户端模式

简介

  主要是采用identity Server4 和ocelot 加上consul 实现简单的客户端模式

开发准备

 环境准备

• 下载并安装Consul具体请参考前几篇的内容

项目介绍

• 创建ocelotServerTest项目
• 创建IdentityServer4Test项目
• 创建consulServer项目（API项目）  

1.创建Consulserver项目

   参考该地址进行创建：微服务（入门二）：netcore通过consul注册服务

2.创建identityServer项目

  参考该地址进行创建：微服务（入门四）：identityServer的简单使用（客户端授权）

3.创建ocelotServerTest项目

 3.1创建一个webAPI项目

3.2 修改startUP配置，添加authentication认证

using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;
using IdentityServer4.AccessTokenValidation;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.HttpsPolicy;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Logging;
using Microsoft.Extensions.Options;
using netCore;
using Ocelot.DependencyInjection;
using Ocelot.Middleware;
using Ocelot.Provider.Consul;
using Ocelot.Provider.Polly;
namespace IdentityServer4Test
{
    public class Startup
    {
        public Startup(IConfiguration configuration)
        {
            Configuration = configuration;
        }

        public IConfiguration Configuration { get; }

        // This method gets called by the runtime. Use this method to add services to the container.
        public void ConfigureServices(IServiceCollection services)
        {
            services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_1);
            services
                .AddAuthentication(JwtBearerDefaults.AuthenticationScheme)//添加认证
                .AddIdentityServerAuthentication("TestKey", o =>
                {
                    o.Authority = "http://127.0.0.1:3322";//要认证的服务器地址
                    o.RequireHttpsMetadata = false;//不启用https
                    o.ApiName = "api1";//要认证的服务名称
                });
            services.AddOcelot(Configuration).AddConsul().AddPolly();
        }

        // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
        public void Configure(IApplicationBuilder app, IHostingEnvironment env)
        {
            if (env.IsDevelopment())
            {
                app.UseDeveloperExceptionPage();
            }
            else
            {
                app.UseHsts();
            }
            app.UseMvc();
     
            app.UseOcelot().Wait();
            app.UseAuthentication();
        }
    }
}

3.3创建ocelot.json文件并且添加AuthenticationOptions

 "AuthenticationOptions": {
        "AuthenticationProviderKey": "TestKey",
        "AllowedScopes": []
      }

{
  "ReRoutes": [

    {
      //下游路由模板，真实请求的路径
      "DownstreamPathTemplate": "/api/{everything}",
      //请求的方式，例如：http,https
      "DownstreamScheme": "http",
      //服务器名称
      "ServiceName": "zyz1",
      //启用consul服务
      "UseServiceDiscovery": true,
      //服务熔断
      "QoSOptions": {
        "ExceptionsAllowedBeforeBreaking": 3, //允许多少次异常请求
        "DurationOfBreak": 5, //熔断时间，单位为秒
        "TimeoutValue": 5000 //如果下游请求的处理时间超过多少则自动设置超时
      },
      //"RateLimitOptions": {
      //  "ClientWhitelist": [ "admin" ], // 白名单
      //  "EnableRateLimiting": true, // 是否启用限流
      //  "Period": "1m", // 统计时间段：1s, 5m, 1h, 1d
      //  "PeriodTimespan": 15, // 多少秒之后客户端可以重试
      //  "Limit": 5 // 在统计时间段内允许的最大请求数量
      //},//负载均衡：
      //RoundRobin轮流发送;
      //LeastConnection – 将请求发往最空闲的那个服务器
      //NoLoadBalance – 总是发往第一个请求或者是服务发现
      "LoadBalancerOptions": {
        "Type": "RoundRobin"
      },

      //上游地址配置
      "UpstreamPathTemplate": "/test/{everything}",
      //上游支持的请求类型
      "UpstreamHttpMethod": [ "GET", "POST" ],
      "AuthenticationOptions": {
        "AuthenticationProviderKey": "TestKey",
        "AllowedScopes": []
      }
    },
    {
      "DownstreamPathTemplate": "/api/Token",
      "DownstreamScheme": "http",
      "DownstreamHostAndPorts": [
        {
          "Host": "127.0.0.1",
          "Port": 3322
        }
      ],
      "UpstreamPathTemplate": "/GetToken",
      "UpstreamHttpMethod": [ "Get" ]
    }
  ],
  "GlobalConfiguration": {
    "BaseUrl": "https://localhost:8596",
    //consul服务器地址和ip
    "ServiceDiscoveryProvider": {
      "Host": "localhost",
      "Port": 8500
    }

  }
}

3.4 修改program文件，添加访问地址，以及ocelot的配置文件

using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.AspNetCore;
using Microsoft.AspNetCore.Hosting;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.Logging;

namespace IdentityServer4Test
{
    public class Program
    {
        public static void Main(string[] args)
        {
            CreateWebHostBuilder(args).Build().Run();
        }

        public static IWebHostBuilder CreateWebHostBuilder(string[] args) =>
            WebHost.CreateDefaultBuilder(args)
            .UseUrls("http://localhost:8596")
            .ConfigureAppConfiguration(conf =>
            {
                conf.AddJsonFile("ocelot.json", optional: false, reloadOnChange: true);
            })
           .UseStartup<Startup>();
    }
}

测试

1.首先开启consul服务

 2.接下来把服务注册到consul当中，启动ConsulServer

 

3.启动IdentityServer4Test和ocelotServerTest服务

4.通过postMan获取token（正式开发中不会如此使用）

 

 5.根据获取的token去请求Consulserver当中的数据，可正常返回数据